Revision 95ec3d4c libavformat/matroskadec.c


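--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@@ -58,6 +58,7 @@
     EBML_NEST,
     EBML_PASS,
     EBML_STOP,
+    EBML_TYPE_COUNT
 } EbmlType;
 
 typedef const struct EbmlSyntax {
@@ -780,6 +781,16 @@
 static int ebml_parse_elem(MatroskaDemuxContext *matroska,
                            EbmlSyntax *syntax, void *data)
 {
+    static const uint64_t max_lengths[EBML_TYPE_COUNT] = {
+        [EBML_UINT]  = 8,
+        [EBML_FLOAT] = 8,
+        // max. 16 MB for strings
+        [EBML_STR]   = 0x1000000,
+        [EBML_UTF8]  = 0x1000000,
+        // max. 256 MB for binary data
+        [EBML_BIN]   = 0x10000000,
+        // no limits for anything else
+    };
     ByteIOContext *pb = matroska->ctx->pb;
     uint32_t id = syntax->id;
     uint64_t length;
@@ -798,6 +809,12 @@
         matroska->current_id = 0;
         if ((res = ebml_read_length(matroska, pb, &length)) < 0)
             return res;
+        if (max_lengths[syntax->type] && length > max_lengths[syntax->type]) {
+            av_log(matroska->ctx, AV_LOG_ERROR,
+                   "Invalid length 0x%"PRIx64" > 0x%"PRIx64" for syntax element %i\n",
+                   length, max_lengths[syntax->type], syntax->type);
+            return AVERROR_INVALIDDATA;
+        }
     }
 
     switch (syntax->type) {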
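Review bot: The new `max_lengths` check bounds only the length the file declares, so an `EBML_BIN` element claiming up to 0x10000000 bytes (or a string claiming 0x1000000) still passes on an input that holds far fewer bytes; the `switch (syntax->type)` readers that consume `length` are outside this section, so if they allocate by it the allocation is still sized by untrusted data up to the cap. I would say so next to the table, e.g. `// caps on the declared length only; not compared with the bytes actually available`, and confirm that the `EBML_NEST` case, which has no cap, never allocates from `length`. The error message also prints `syntax->type` as the "syntax element"; the local `id` is already in scope and would identify the offending element in a report, e.g. `"Invalid length 0x%"PRIx64" > 0x%"PRIx64" for element 0x%"PRIX32" (type %i)\n"` with `id` added to the arguments. `ebml_parse_elem` begins in this section but its body continues past the last visible line.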
